The Technology

The DataStealth Technology

What's Wrong With Traditional Cybersecurity Offerings?

The underlying approach currently used by virtually all traditional cybersecurity vendors typically falls into one of two models:

Perimeter Protection – attempting to use barriers to prevent hackers from gaining unauthorized access into an organization’s computer systems. Such barriers include firewalls, encryption, stronger passwords, intrusion detection systems, and many others.
Alert and Monitor – solutions that monitor computer systems and attempt to alert organizations if an unauthorized user is detected, usually after the breach has already occurred.

Unfortunately, hackers have become much more sophisticated and have been able to figure out how to work around these barriers to gain unauthorized access. Once inside, the intruders steal whatever valuable data they can find.

This is the fundamental flaw with traditional cybersecurity offerings and what makes DataStealth’s approach so totally different.

datex-illustration-2b

What is so Different about DataStealth?

The first-mover advantage cybercriminals have, beyond their considerable hacking skills, is knowing where to hack. Hackers know that major banks, retailers, hospitals, insurance companies, airlines, infrastructure providers, government, and other large organizations physically store valuable sensitive data within their IT environments. By targeting such organizations, hackers know that when they succeed in breaking in, they will then be able to help themselves to a large treasure-trove of valuable sensitive data and documents.

Understanding this, DataStealth starts by asking a totally different question:

What if hackers succeed in breaking in, only to find nothing of value to steal?

The patented and proven DataStealth technology is the result of this totally different approach to cybersecurity.

Datex-TheTechnology-Illustration3b

DataStealth does not rely on organizations being able to succeed in keeping the “bad guys” from breaking into their computer systems. Instead, the unique DataStealth approach to cybersecurity is being recognized by more and more organizations as a vastly superior approach.

DataStealth ensures that no sensitive data or documents are physically stored within your organization’s computer systems. So if, or more realistically, when hackers succeed in breaching your existing security measures and gain access, they will not be able to find anything of value to steal. This unique approach, underlying the breakthrough DataStealth technology, makes so much intuitive sense. After all, hackers cannot steal what isn’t there.

datex-illustration-4b

“It was a breath of fresh air to go from learning about DataStealth, to deploying the solution within 30 days. With our initial use case met, we’ve challenged our organization to find other technology deployment opportunities. It’s rare that a solution is net-cash positive to our budgeting process, so we happily continue to expand the footprint and find new DataStealth use cases.”

Cybersecurity Executive

DataStealth Partner Since 2020

How DataStealth Works

The patented DataStealth technology transparently monitors and inspects all data as it enters and travels within an organization’s IT environment. Depending on the use case, DataStealth can be placed either inside or – and this is unique to DataStealth – entirely outside of an organization’s IT environment (including all applications, databases, SaaS applications, storage environments, and other systems).

When sensitive data is detected, DataStealth automatically intercepts the sensitive data and replaces it with a meaningless string of data, chosen from one of many user-configurable data obfuscation options including:

Tokenization – for example, where a real credit card number such as ‘4520 8500 1234 4321’ could be replaced with ‘4987 1111 2222 3333’ or any other user-defined tokenization format.
Encryption – for example, where the name ‘Bob’ and ‘Smith’ could be replaced with ‘ec83c2fbddfe’ and ‘2a7fd7384a1a970a2fcd4d39a237’, or other symmetric and asymmetric encryption options.
Masking – for example, where the drug ID number ‘2239090’ could be replaced with ‘2xxxxxxx’ or any other user-defined data masking format.

Whenever an authorized user or authorized business process requires the real data to be viewed or sent somewhere (for payment processing as just one example), DataStealth reverses the obfuscation, automatically and transparently, replacing the tokenized, encrypted or masked value with the real data in transit.

DataStealth uniquely enables sensitive data to not be stored in an organization’s systems so even if intruders gain unauthorized access, “they cannot steal what is not there”.

What Happens to the Sensitive Data DataStealth Intercepts?

DataStealth enables the safe storage of intercepted sensitive data using a proprietary, multi-layered, secure data storage process.

Each individual piece of sensitive data is uniquely protected by a “double-encryption” process that includes a:

Data Encrypting Key – whose function is to encrypt and decrypt sensitive data, where each piece of sensitive data is protected by its own unique Data Encrypting Key.
Key Encrypting Key – whose function is to encrypt and decrypt the Data Encrypting Key, where the Key Encrypting Key can either be provided by the customer (Bring Your Own Key) or by DataStealth.

Each individual piece of this “doubly-encrypted” sensitive data is then broken up into a number of smaller individual pieces. Each of these DataStealth-protected smaller individual pieces is stored in a number of storage nodes across a number of physical, virtual or cloud locations. This is done in such a way that no single storage node, regardless of physical location, has enough of the pieces to rebuild the original sensitive data. The number of pieces, the number of nodes, and the number and type of physical storage locations can all be specified by DataStealth clients.

For example, a DataStealth client could choose to store three pieces in AWS, three pieces in Azure, and three pieces in Google Cloud. None of the three locations would have enough of the pieces to reconstruct the original sensitive data.

These and numerous other cryptographic processes make it computationally infeasible for anyone to steal sensitive data that is protected by DataStealth.

“Datex’s DataStealth is a difficult product to classify. It resembles data loss prevention (DLP) and privacy software but doesn’t fit neatly in either category.

By focusing on data obfuscation, DataStealth uses a novel approach aimed at limiting sensitive-data acquisition in the first place (i.e., with the logic that “you can’t lose what you don’t have”).

Traditional DLP solutions often resemble action heroes: they swoop in the last second to prevent some kind of catastrophic loss (assuming they were configured correctly, of course).

DataStealth, however, works by removing sensitive data from files and replacing it with placeholder “dummy” data, effectively converting such data into something far more innocuous. That is, it’s data you don’t need to fear losing.

The software can be used for incoming and outgoing data, which is a particularly nice feature to have when documents containing sensitive data must be shared with third parties. Because the personally identifiable information or other sensitive data has been removed, so has any liability that might exist if the third party is compromised.

This simple but effective approach to data protection and privacy has caught the attention of those in government, finance, and healthcare. But any organization that holds sensitive data could find a lot of value in DataStealth.”

Logan Rohde

Info-Tech Research Group

Why is DataStealth so Fast and Easy to Implement?

Virtually all our clients are amazed when we prove to them how quickly, easily, and inexpensively DataStealth can be implemented:

without the need for any existing software code to be rewritten or modified. With DataStealth, there is no need to build integrations using APIs or connectors or install any agents or widgets.
without the need to make any changes to existing user interaction or business processes. With DataStealth, there is no need to retrain employees. Internal users continue to interact with their computer applications as before. External users continue to interact with websites as before.

“The DataStealth approach to securing sensitive data and preventing breaches is unlike most other cybersecurity solutions we have seen. When we were first introduced to DataStealth, it sounded like a unique and innovative solution, so we decided to put it to the test. After extensive due diligence, we confirmed that it works as advertised. DataStealth is extremely innovative, powerful, flexible, and scalable – and is supported by their team's deep technical expertise. DataStealth has worked well for us.”

Vice President, IT

DataStealth Client Since 2020

How Robust and Scalable is DataStealth?

DataStealth is not only powerful and flexible, but also extremely robust and scalable. DataStealth handles incredibly large volumes of transactions with ease including:

Hundreds of Supported Protocols, Payloads and Data Types
Millions of Web Requests sustained per minute
Billions of Data Protection Events per month.

DataStealth has a number of deployment options, each of which is designed to meet the varied requirements of our clients, with their unique IT environments and their multiple and disparate use cases.

DataStealth can be deployed as a physical appliance, a virtual instance, or in any Cloud platform. In all cases, DataStealth can be managed either by us or by our clients. We can even offer DataStealth as a hosted solution. All this makes DataStealth a very flexible, scalable and “future proof” solution.

One DataStealth client currently protects over 10 billion records a month (and exponentially growing) on multiple servers, in multiple geographic locations, deployed on both their own data centers and Cloud providers.

Software solutions as mission critical as data security must be able to keep up with massive transactional volume, resiliency, redundancy, and scalability. DataStealth can scale up for extremely heavy transactional workloads without the need for a massive and expensive hardware deployment to support it.

DataStealth clients often test workload scenarios with very heavy transactional volumes, and despite the best efforts of their testing teams, they have never been able to find or exceed the limits of DataStealth's performance and scalability capabilities. Every time they have increased the workload, DataStealth was able to scale along with their requirements.

DataStealth's Powerful Monitoring and Real-Time Alerts

DataStealth’s powerful monitoring capabilities provide real-time visibility, insights, and alerts. This includes extensive real-time monitoring of websites, servers, endpoints and security certificates.

In the event any anomalies are detected with network performance, security or connectivity, DataStealth provides immediate notifications. These alerts simplify troubleshooting efforts and provide assurances that everything is operating at peak levels, at all times.

DataStealth clients often work closely with their anti-fraud and analytical teams to build monitoring capabilities that provide them with the actionable intel they require to protect their organization from nefarious attacks. These clients often tell us that DataStealth can ‘see things other technologies cannot see’ and ‘do things other technologies cannot do’. DataStealth is able to alert organizations to threats that they were completely unaware of and take corrective actions just in time.

DataStealth Standards and Compliance

DataStealth adheres and complies with established and widely recognized standards, frameworks, and compliance programs including:

DataStealth Standards And Compliance Spotlight:
PCI Security Standards Council

Datex is a Participating Organization in the PCI Security Standards Council (PCI SSC) which helps secure payment data worldwide through the ongoing development and adoption of the PCI Security Standards.